Merge branch 'main' into franziskus/update-c-ext-tools

cryspen · Feb 10, 2025 · 15b22d1 · 15b22d1
2 parents b58e3fe + 900c350
commit 15b22d1
Show file tree

Hide file tree

Showing 28 changed files with 9,248 additions and 454 deletions.
diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml
@@ -13,7 +13,25 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  setup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
+        id: changes
+        with:
+          filters: |
+            docker-c:
+              - ".docker/c/**"
+        # If one of the above files is changed,
+        # `steps.changes.outputs.docker-c` = 'true'.
+    outputs:
+      # only run if files in `.docker/c/` unchanged
+      should-run: ${{ steps.changes.outputs.docker-c == 'false' }}
+
   extract:
+    needs: [setup]
+    if: ${{ needs.setup.outputs.should-run == 'true' }}
     runs-on: ubuntu-latest
     container: franziskus/libcrux-c:latest
     defaults:
@@ -36,6 +54,8 @@ jobs:
           if-no-files-found: error
 
   extract-header-only-ml-kem:
+    needs: [setup]
+    if: ${{ needs.setup.outputs.should-run == 'true' }}
     runs-on: ubuntu-latest
     container: franziskus/libcrux-c:latest
     defaults:
@@ -59,6 +79,8 @@ jobs:
 
 
   extract-header-only-ml-dsa:
+    needs: [setup]
+    if: ${{ needs.setup.outputs.should-run == 'true' }}
     runs-on: ubuntu-latest
     container: franziskus/libcrux-c:latest
     defaults:

diff --git a/Cargo.toml b/Cargo.toml
@@ -26,6 +26,8 @@ members = [
     "poly1305",
     "chacha20poly1305",
     "rsa",
+    "ecdsa",
+    "p256",
     "blake2",
 ]
 

diff --git a/blake2/src/hacl/hash_blake2b.rs b/blake2/src/hacl/hash_blake2b.rs
@@ -1,10 +1,7 @@
 #![allow(non_snake_case)]
 #![allow(non_upper_case_globals)]
 #![allow(non_camel_case_types)]
-#![allow(unused_assignments)]
-#![allow(unreachable_patterns)]
-#![allow(clippy::match_single_binding)]
-#![allow(clippy::needless_lifetimes)]
+#![allow(dead_code)]
 
 use libcrux_hacl_rs::prelude::*;
 use libcrux_macros as krml;

diff --git a/blake2/src/hacl/hash_blake2s.rs b/blake2/src/hacl/hash_blake2s.rs
@@ -1,10 +1,7 @@
 #![allow(non_snake_case)]
 #![allow(non_upper_case_globals)]
 #![allow(non_camel_case_types)]
-#![allow(unused_assignments)]
-#![allow(unreachable_patterns)]
-#![allow(clippy::match_single_binding)]
-#![allow(clippy::needless_lifetimes)]
+#![allow(dead_code)]
 
 use libcrux_hacl_rs::prelude::*;
 use libcrux_macros as krml;

diff --git a/ecdsa/Cargo.toml b/ecdsa/Cargo.toml
@@ -0,0 +1,26 @@
+[package]
+name = "libcrux-ecdsa"
+description = "Formally verified ECDSA signature library"
+
+version.workspace = true
+authors.workspace = true
+license.workspace = true
+homepage.workspace = true
+edition.workspace = true
+repository.workspace = true
+readme.workspace = true
+
+[dependencies]
+libcrux-p256 = { version = "=0.0.2-beta.2", path = "../p256", features = [
+    "expose-hacl",
+] }
+libcrux-sha2 = { version = "=0.0.2-beta.2", path = "../sha2" }
+rand = { version = "0.8", optional = true }
+
+[features]
+default = ["rand"]
+rand = ["dep:rand"]
+
+[dev-dependencies]
+serde = { version = "1.0.217", features = ["derive"] }
+serde_json = "1.0.138"
diff --git a/ecdsa/src/lib.rs b/ecdsa/src/lib.rs
@@ -0,0 +1,29 @@
+//! # ECDSA
+//!
+//! A formally verified implementation of ECDSA on P-curves.
+//!
+//! For now only P-256 is supported.
+
+#![no_std]
+#![forbid(unsafe_code)]
+
+pub mod p256;
+
+#[derive(Debug, PartialEq, Eq, Clone, Copy)]
+pub enum Error {
+    InvalidInput,
+    InvalidScalar,
+    InvalidPoint,
+    NoCompressedPoint,
+    NoUnCompressedPoint,
+    SigningError,
+    InvalidSignature,
+    RandError,
+    UnsupportedHash,
+}
+
+/// The hash algorithm used for signing or verifying.
+pub type DigestAlgorithm = libcrux_sha2::Algorithm;
+
+/// The number of iteration for rejection sampling.
+pub(crate) const RAND_LIMIT: usize = 100;